Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Duplicate
Priority: Medium
Fix Version/s: None
Affects Version/s: 6.0
Component/s: System Administration - Secure Administrator Sessions
Labels:
- affects-server
- security

Introduced in Version:
6
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

When entering the username/password in the websudo dialog after the user session has expired, JIRA displays all submitted values, including the password in clear text.

This is a breach in security; the password should never be displayed in clear text on a web page.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

20130925-JIRA-SessionExpiredPasswordDisclosure.png
20 kB
25/Sep/2013 2:11 PM

Issue Links

duplicates

JRASERVER-29571 Session expiry pages may echo password in clear text

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Christoffer Soop

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 25/Sep/2013 2:11 PM

Updated:: 28/Mar/2019 12:11 AM

Resolved:: 26/Sep/2013 1:10 AM